package com.illtamer.infinite.morii.config.security;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        final AuthenticationHandler authHandler = new AuthenticationHandler("/upload", "/");
        http.formLogin()
                .successHandler(authHandler)
                .failureHandler(authHandler)
                .permitAll()
            .and().authorizeRequests()
                .antMatchers(
                        "/public/**"
                ).permitAll()
                .antMatchers(
                        "/upload/*"
                ).hasRole("admin0")
            .anyRequest().authenticated()
            .and().exceptionHandling()
                .accessDeniedPage("/error/404")
            .and().csrf().disable();
    }
}
